Friday, May 23, 2025
HomeCVE/vulnerabilityRockwell Automation ThinManager Flaw Let Attackers Execute Remote Code

Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code

Published on

SIEM as a Service

Follow Us on Google News

Rockwell Automation’s ThinManager ThinServer has been found to contain multiple critical vulnerabilities that could allow attackers to execute remote code.

Nicholas Zubrisky of Trend Micro Security Research discovered the flaws, identified as CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988, and published a detailed advisory.

Vulnerability Overview

The vulnerabilities affect several versions of ThinManager ThinServer, a widely used platform for centralized management of thin client networks.

- Advertisement - Google News

The flaws have been assigned CVSS scores ranging from 5.5 to 9.8, indicating varying levels of severity.

Table: Affected Products and Solutions

Affected ProductFirst Known VersionCorrected Version
ThinManager® ThinServer™11.1.0-11.1.711.1.8
11.2.0-11.2.811.2.9
12.0.0-12.0.612.0.7
12.1.0-12.1.712.1.8
13.0.0-13.0.413.0.5
13.1.0-13.1.213.1.3
13.2.0-13.2.113.2.2

Detailed Analysis of Vulnerabilities

CVE-2024-7986: Information Disclosure

This vulnerability allows attackers to disclose sensitive information by exploiting the ThinServer service.

Threat actors can read arbitrary files by creating a junction that points to a target directory. The flaw is rated with a CVSS score of 5.5 (v3.1) and 6.8 (v4.0), indicating a moderate risk. The vulnerability is linked to CWE-269, which involves improper privilege management.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

CVE-2024-7987: Remote Code Execution

CVE-2024-7987 is a more severe flaw, enabling attackers to execute arbitrary code with system privileges.

By abusing the ThinServer service, attackers can upload arbitrary files, potentially compromising entire systems.

This vulnerability has a CVSS score of 7.8 (v3.1) and 8.5 (v4.0), highlighting its critical nature.

CVE-2024-7988: Critical Remote Code Execution

The most critical of the three, CVE-2024-7988, allows for remote code execution due to improper input validation.

This flaw can lead to file overwriting, posing a significant threat to system integrity. It has been assigned a CVSS score of 9.8 (v3.1) and 9.3 (v4.0).

Rockwell Automation has urged users to update the corrected software versions in the table above.

Implementing security best practices and staying informed about potential threats are also recommended to minimize risk.

The company emphasizes the importance of stakeholder-specific vulnerability categorization to prioritize security efforts effectively.

These vulnerabilities pose serious risks to industrial systems, so immediate action is advised to protect sensitive data and maintain operational integrity.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light...

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light...

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure...

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used...